Education, Security

Education sector is an attractive target for cybercriminals

Brendyn Lotz

11th November 2021

The Check Point Global Threat Index for October 2021 was published today and the education and research sectors appear to be prime targets for cybercriminals according to the firm.

While Check Point doesn’t elaborate on the most targeted industries, education does make sense for cybercriminals. The last year has seen a massive shift toward digital solutions and while businesses may have been badly prepared, the education sector was surely shocked at the complexities it faced.

With millions of educators and learners online and security measures likely at a minimum, this presents an easy target for cybercriminals.

This is not an oddity. Over the last 30 days Microsoft devices in the education sector have reported over 5.3 million encounters with enterprise malware. That accounts for 63.67 percent of all malware encounters across all industries.

The most popular malware encountered by Microsoft devices includes:

Adware:Win32/DealPly!MSR – Adware that shows ads you cannot control on your device
Backdoor:PHP/Webshell.S – Grants an attack access and control of your PC
Backdoor:Win32/Xtrat – Backdoor that can be used to install more malware on your PC
Exploit:PHP/AdmisPassShell – Exploit that can be used to install malware on your PC without your knowledge
HackTool:PowerShell/Denigrate.A – A tool used to “crack” software.

While Microsoft mentions the hack tool, it doesn’t explain what it does, but it seems as if folks in the education sector could be cracking software so they don’t have to pay for a license.

As for other malware in general, Check Point highlights the following malware as the most popular:

Trickbot – Trickbot is a modular Botnet and Banking Trojan constantly being updated with new capabilities, features and distribution vectors. This enables Trickbot to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
XMRig – XMRig is an open-source CPU mining software used for the mining process of the Monero cryptocurrency, and first seen in the wild in May 2017.
Remcos – Remcos is a RAT (remote access trojan) that first appeared in the wild in 2016. Remcos distributes itself through malicious Microsoft Office documents which are attached to SPAM emails and is designed to bypass Microsoft Windows UAC security and execute malware with high-level privileges
Glupteba – Glupteba is a backdoor which gradually matured into a botnet. By 2019 it included a C&C address update mechanism through public BitCoin lists, an integral browser stealer capability and a router exploiter.
Tofsee – Tofsee is a backdoor Trojan, operating since at least 2013. Tofsee serves as a multipurpose tool that can conduct DDoS attacks, send spam emails, mine cryptocurrencies, and more.

Trickbot was used in four percent of attacks, XMRig in three percent and Remcos in two percent.

You can find Check Point’s Global Threat Index for October 2021 here.

[Image – CC 0 Pixabay]

About Author

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.